
cross-posted from: https://lemmy.sdf.org/post/36375283

Archived

Here is the technical report by SentinelOne.

An IT services company, a European media group, and a South Asian government entity are among the more than 75 companies where China-linked groups have planted malware to access strategic networks should a conflict break out.

SentinelLABS, the threat intel and research arm of security shop SentinelOne, uncovered these new clusters of malicious activity when the suspected Chinese spies tried to break into SentinelOne's own servers in October.

"We tend to prioritize China, and seeing them start to poke at our own products, our own infrastructure, that immediately raises the red flag for us," SentinelOne threat researcher Tom Hegel told The Register in a phone interview. While the attempted SentinelOne intrusion was unsuccessful, being the target of a Chinese reconnaissance campaign led the threat hunters into a deeper analysis of the broader campaign and malware used.

"We started to hunt for it globally, look at their infrastructure and identify those other victims," Hegel said.

[...]

SentinelLABS found more than 70 victims globally across manufacturing, government, finance, telecommunications, and research. One of these was an IT services and logistics company that manages hardware logistics for SentinelOne employees.

Additionally, the security outfit's research uncovered a September 2024 intrusion into a "leading European media organization."

It's a broad range of victims, but they all share one thing in common: they represent strategic targets as China prepares for war of the cyber or kinetic variety.

[...]

SentinelOne, as a security vendor for government and critical infrastructure organizations, makes an attractive starting point for a supply-chain attack along the lines of what Russian spies did to Mandiant during the SolarWinds fiasco.

[...]

[-] pastermil@sh.itjust.works 9 points 3 days ago* (last edited 3 days ago)

I can't help but wonder what the fuck do terracotta soldiers have to do with whatever the fuck the article is writing about.

I mean, yeah I know they're both Chinese, but...

[-] calmluck9349@infosec.pub 1 points 1 day ago

I thought terracotta was a type of cheese..

[-] pastermil@sh.itjust.works 2 points 1 day ago

Bruh that's ricotta

[-] SplashJackson@lemmy.ca 1 points 1 day ago

I think you smelt clay blocks to get it

this post was submitted on 10 Jun 2025
69 points (97.3% liked)
